← Back to team overview

openstack team mailing list archive

Keystone and Swift Integration

 

Hi,

I've built an OpenStack (Folsom) demo VM (Ubuntu 12.10) and manually
installed Swift. I am trying to get Swift to use Keystone for
authentication, but am having trouble finding what I need to do to the
/etc/swift/swift-proxy.conf file. The instructions I have been following
say I should "Configure the paste file for swift-proxy
(`/etc/swift/swift-proxy.conf`)", but I don't know what needs to be done.
The document I am following is here:
http://docs.openstack.org/folsom/openstack-compute/admin/content/configuring-swift-to-use-keystone.html

I've only been using OpenStack for about a week, so my apologies if this is
obvious, but I can't figure it out. I've tried googling the config file,
but I just get the document I am using (or the previous Wessex version) and
there's no sample file in the Swift distribution.

The second config file I need to edit is the /etc/swift/proxy-swift.conf
file. I have a couple of questions about this too. There's a section I need
to paste into it as follows:

===
[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
# Delaying the auth decision is required to support token-less
# usage for anonymous referrers ('.r:*').
delay_auth_decision = 10
service_port = 5000
service_host = 127.0.0.1
auth_port = 35357
auth_host = 127.0.0.1
auth_protocol = http
auth_uri = http://127.0.0.1:5000/
auth_token = 012345SECRET99TOKEN012345
admin_token = 012345SECRET99TOKEN012345
admin_tenant_name = service
admin_user = swift
admin_password = swift
===

Do I need to change the auth port? I can run the following command
successfully:

===
root@openstack02:/home/stack/bin# curl -v -H 'X-Storage-User: admin:admin'
-H 'X-Storage-Pass: admin' http://127.0.0.1:8080/auth/v1.0
* About to connect() to 127.0.0.1 port 8080 (#0)
*   Trying 127.0.0.1...
* connected
* Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
> GET /auth/v1.0 HTTP/1.1
> User-Agent: curl/7.27.0
> Host: 127.0.0.1:8080
> Accept: */*
> X-Storage-User: admin:admin
> X-Storage-Pass: admin
>
* additional stuff not fine transfer.c:1037: 0 0
* HTTP 1.1 or later with persistent connection, pipelining supported
< HTTP/1.1 200 OK
< X-Storage-Url: http://127.0.0.1:8080/v1/AUTH_admin
< X-Auth-Token: AUTH_tk0022e539fae64647883b9fa529311982
< Content-Type: text/html; charset=UTF-8
< X-Storage-Token: AUTH_tk0022e539fae64647883b9fa529311982
< Content-Length: 0
< Date: Wed, 28 Feb 2013 15:00:02 GMT
<
* Connection #0 to host 127.0.0.1 left intact
* Closing connection #0
root@openstack02:/home/stack/bin#
===

So does that mean by auth_port is 8080? I assume that the X-Auth-Token is
both the admin_token and auth_token? Is the admin_user (given the example
above) going to be "admin:admin"?

Any assistance would very much be appreciated!

Regards,
Julian.

Follow ups